TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 755daedde947dc34d2bdd1fdc089bad8a28b436b / . / boot / bootutil / src / image_ec256.c
blob: f59a8f0e68d3fb88cdcef618b1493e9645360f25 [file] [log] [blame]
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]1/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame^]20#include <string.h>
21
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]22#include "syscfg/syscfg.h"
23
24#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
25#include "bootutil/sign_key.h"
26
27#include "mbedtls/oid.h"
28#include "mbedtls/asn1.h"
29
30#include "tinycrypt/ecc_dsa.h"
31#include "bootutil_priv.h"
32
33/*
34 * Declaring these like this adds NULL termination.
35 */
36static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
37static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
38
39/*
40 * Parse the public key used for signing.
41 */
42static int
43tinycrypt_import_key(EccPoint *pubkey, uint8_t *cp, uint8_t *end)
44{
45 size_t len;
46 mbedtls_asn1_buf alg;
47 mbedtls_asn1_buf param;
48
49 if (mbedtls_asn1_get_tag(&cp, end, &len,
50 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
51 return -1;
52 }
53 end = cp + len;
54
55 if (mbedtls_asn1_get_alg(&cp, end, &alg, &param)) {
56 return -2;
57 }
58 if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
59 memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
60 return -3;
61 }
62 if (param.len != sizeof(ec_secp256r1_oid) - 1 ||
63 memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
64 return -4;
65 }
66 if (mbedtls_asn1_get_bitstring_null(&cp, end, &len)) {
67 return -6;
68 }
69 if (cp + len != end) {
70 return -7;
71 }
72
73 if (len != 2 * NUM_ECC_BYTES + 1) {
74 return -8;
75 }
76 if (cp[0] != 0x04) {
77 return -9;
78 }
79
80 ecc_bytes2native(pubkey->x, cp + 1);
81 ecc_bytes2native(pubkey->y, cp + 1 + NUM_ECC_BYTES);
82
83 return 0;
84}
85
86/*
87 * cp points to ASN1 string containing an integer.
88 * Verify the tag, and that the length is 32 bytes.
89 */
90static int
91tinycrypt_read_bigint(uint32_t i[NUM_ECC_DIGITS], uint8_t **cp, uint8_t *end)
92{
93 size_t len;
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame^]94 uint8_t bigint[NUM_ECC_BYTES];
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]95
96 if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
97 return -3;
98 }
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame^]99 if (len > NUM_ECC_BYTES) {
100 memcpy(bigint, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
101 } else {
102 memset(bigint, 0, NUM_ECC_BYTES - len);
103 memcpy(bigint + NUM_ECC_BYTES - len, *cp, len);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]104 }
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]105 *cp += len;
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame^]106 ecc_bytes2native(i, bigint);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]107 return 0;
108}
109
110/*
111 * Read in signature. Signature has r and s encoded as integers.
112 */
113static int
114tinycrypt_decode_sig(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
115 uint8_t *cp, uint8_t *end)
116{
117 int rc;
118 size_t len;
119
120 rc = mbedtls_asn1_get_tag(&cp, end, &len,
121 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
122 if (rc) {
123 return -1;
124 }
125 if (cp + len != end) {
126 return -2;
127 }
128 rc = tinycrypt_read_bigint(r, &cp, end);
129 if (rc) {
130 return -3;
131 }
132 rc = tinycrypt_read_bigint(s, &cp, end);
133 if (rc) {
134 return -4;
135 }
136 return 0;
137}
138
139int
140bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen,
141 uint8_t key_id)
142{
143 int rc;
144 uint8_t *cp;
145 uint8_t *end;
146 EccPoint ctx;
147 uint32_t r[NUM_ECC_DIGITS];
148 uint32_t s[NUM_ECC_DIGITS];
149 uint32_t hash_t[NUM_ECC_DIGITS];
150
151 cp = (uint8_t *)bootutil_keys[key_id].key;
152 end = cp + *bootutil_keys[key_id].len;
153
154 rc = tinycrypt_import_key(&ctx, cp, end);
155 if (rc) {
156 return -1;
157 }
158
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]159 rc = tinycrypt_decode_sig(r, s, sig, sig + slen);
160 if (rc) {
161 return -1;
162 }
163
164 /*
165 * This is simplified, as the hash length is also 32 bytes.
166 */
167 if (hlen != NUM_ECC_BYTES) {
168 return -1;
169 }
170
171 ecc_bytes2native(hash_t, hash);
172 rc = ecdsa_verify(&ctx, hash_t, r, s);
173 if (rc == 1) {
174 return 0;
175 } else {
176 return -2;
177 }
178}
179#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_EC256) */